Whitelist enabled,tainted

crowdsec
1

Hello together,

as a newby, I try to get crowdsec running on my system via docker. I used the docker compose file with some small adaptions for my volumes.

First of all I want to add my local IP range to a whitelist so I don’t get banned. Therefore I tired to add my IP range to follwoing file: etc/crowdsec/parsers/s02-enrich/whitelists.yaml

But if I change only one IP address in the file it shows me as tainted. I also tried just for testing to repalce a 0 with a 1. The same result :frowning:

> cscli parsers list
> 
> PARSERS
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
>  Name                                     πŸ“¦ Status                    Version   Local Path                                                    
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
>  crowdsecurity/cri-logs                   βœ”οΈ enabled                    0.1       /etc/crowdsec/parsers/s00-raw/cri-logs.yaml                   
>  crowdsecurity/dateparse-enrich           βœ”οΈ enabled                    0.2       /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml        
>  crowdsecurity/docker-logs                βœ”οΈ enabled                    0.1       /etc/crowdsec/parsers/s00-raw/docker-logs.yaml                
>  crowdsecurity/geoip-enrich               βœ”οΈ enabled                    0.2       /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml            
>  crowdsecurity/http-logs                  βœ”οΈ enabled                    1.2       /etc/crowdsec/parsers/s02-enrich/http-logs.yaml               
>  crowdsecurity/nginx-logs                 ⚠️ enabled,update-available   1.4       /etc/crowdsec/parsers/s01-parse/nginx-logs.yaml               
>  crowdsecurity/nginx-proxy-manager-logs   βœ”οΈ enabled                    0.2       /etc/crowdsec/parsers/s01-parse/nginx-proxy-manager-logs.yaml 
>  crowdsecurity/sshd-logs                  βœ”οΈ enabled                    2.2       /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml                
>  crowdsecurity/syslog-logs                βœ”οΈ enabled                    0.8       /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml                
>  crowdsecurity/whitelists                 ⚠️ enabled,tainted            ?         /etc/crowdsec/parsers/s02-enrich/whitelists.yaml              
>  mywhitelist.yaml                         🏠 enabled,local                       /etc/crowdsec/parsers/s01-parse/mywhitelist.yaml              
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Does anybody have a clue what went wrong?

Thanks a lot in advance,
Martin

2

You can read what tainted means in the context of a parser (whitelist) here

3

Ok, good idea , thanks a lot.